Resources

2025-W03 The Austrian DSB Slaps Down Google’s Controllership Denial, CCPA applicable for AI and more

2025-W05 DeepSeek: A Quantum Leap in AI, A Dead End in GDPR Compliance

2025-W02-Privacy News German Court Awards EUR 10000 for Unlawful Disclosure of Data, EDPB Issues Opinion on AI Models and more

UK ICO Controller ROPA Template

Records of processing Activities (ROPA)

Standard contractual clauses for EU-EEA by EU

Standard Contractual Clauses (SCC)

Standard contractual clauses for international transfers by EU

Data Transfers, Standard Contractual Clauses (SCC)

Decision of 19 October 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Andorra

Adequacy Decisions

Decision of 30 June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina

Adequacy Decisions

Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act

Adequacy Decisions

Decision of 5 March 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the Faeroese Act on processing of personal data

Adequacy Decisions

Decision of 21 November 2003 on the adequate protection of personal data in Guernsey

Adequacy Decisions

Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data

Adequacy Decisions

Decision of 28 April 2004 on the adequate protection of personal data in the Isle of Man

Adequacy Decisions

Decision (EU) 2019/419 of 23 January 2019 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by Japan under the Act on the Protection of Personal Information

Adequacy Decisions

Decision of 8 May 2008 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Jersey

Adequacy Decisions

Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand

Adequacy Decisions

Decision (EU) 2022/254 of 17 December 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the Republic of Korea under the Personal Information Protection Act

Adequacy Decisions

Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland

Adequacy Decisions

Decision (EU) 2021/1772 of 28 June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom (notified under document C(2021)4800)

Adequacy Decisions

Decision (EU) 2021/1773 of 28 June 2021 pursuant to Directive (EU) 2016/680 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom

Adequacy Decisions

Decision EU 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

First Draft General-Purpose AI Code of Practice by EU Commission

Mobile Applications recommendations for better privacy protection by CNIL (french)

Product Privacy Design

Recommendations for the use of AI coding assistants by ANSSI and BSI

AI, Specific processing situations

Recommendation on mobile applications or apps by the French DPA

Lawfulness of Processing, Specific processing situations

Privacy Impact Assessment (PIA) Templates by CNIL

Data Protection Impact Assessment (DPIA)

Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725) |EPDB

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR) |EPDB

Data Transfers

Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data |Version 2.0 |EPDB

Data Transfers

Recommendations 02/2020 on the European Essential Guarantees for surveillance measures |EPDB

Specific processing situations, Surveillance

Recommendations 01/2021 on the adequacy referential under the Law Enforcement Directive |EPDB

Adequacy Decisions, Data Transfers

Recommendations 02/2021 on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions |EPDB

Consent, Lawfulness of Processing

International Data Transfer Agreements – Transitional Provisions

Data Transfers

Transfer Risk Assessment Tool by the UK ICO

Data Transfers

Transfer Impact Assessment (TIA) Template by HSE

Data Transfers

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018

Data Transfers

[Draft] Transfer Impact Assessment by the CNIL

Data Transfers

DPIA for AI template

Controllers and Processors, Data Protection Impact Assessment (DPIA)

AI Privacy Policy template

AI, Specific processing situations

AI and Data Protection Risk Toolkit by UK ICO

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Description of the dataset template by CNIL

AI, Specific processing situations